Applicant 
Serial No. 
Filed 
Page 



Robert G. Watkins 
10/058,338 
January 30, 2002 
2 of 8 



Attorney's Docket No.: 06975-232001 / Security 16 



REMARKS 



In response to the non-final office action of March 28, 2005, applicant asks that all claims 
be allowed in view of the following remarks. Claims 1-92 are now pending, of which claims 1, 
19, 32, 50, 63 and 92 are independent. 

Rejection under Section 103 (Claims 1-12, 19-43, 50-74 and 78-92) 

Claims 1-12, 19-43, 50-74, and 78-92 were rejected under 35 U.S.C. § 103 as being 
unpatentable over Nguyen (U.S. Patent No. 5,638,448) in view of Simon (U.S. Patent No. 
6,871,276). See Office action of March 28, 2005 at page 2, lines 9-10. Applicant requests 
reconsideration and withdrawal of this rejection because neither Nguyen, Simon nor any proper 
combination of the references describes or suggests performing a mathematical computation on 
an access password and a client-communication-system-specific identifier. 

Claims 63-74 

Independent claim 63 1 recites an apparatus for identifying an unauthorized client 
communication system seeking access to a host communication system. The apparatus, inter 
alia, includes a performing device structured and arranged to perform a mathematical 
computation on an access password and a client-communication-system-specific identifier. A 
client-communication-system-specific identifier may include a device-specific identifier (claim 
70), which may include a hard disk identifier (claim 71), an Ethernet address (claim 72), a 
central processing unit serial number (claim 73) or a description of storage characteristics of the 
hard disk (claim 74). The apparatus also includes a designating device structured and arranged to 
designate a client communication system as unauthorized based on a result of the mathematical 
computation. 

Nguyen discloses techniques for encrypting different portions of a logon packet (having 
information related to a logon request) "with different keys based on the nature of the 

1 The rejection begins with a discussion of claim 63 and later addresses, inter alia, claims 79, 1- 
12, 19-43, 50-62. See Office action of March 28, 2005 at page 2, line 1 1 to page 3, lines 2 
(describing rejection of independent claim 63); page 5, lines 1-2 (describing rejection of 
independent claim 79 for same rationale as claim 63); and page 5, lines 14-16 (describing 
rejection of independent claims 1, 19, 32 and 50). For convenience, applicant responds first with 
a discussion of claim 63. 
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communications link" to enable a client and a server to mutually authenticate each other. See 
Nguyen at col. 1, line 65 to col. 2, line 3. See also Nguyen at col. 3, line 50 to col. 4, line 20. 
More particularly, Nguyen discloses encrypting a part of the logon packet with a key created 
from the user ID and the password. See Nguyen at col. 4, lines 12-16 and col. 16, lines 22-33. 

The rejection concedes that Nguyen does not disclose a client-communication-system- 
specific identifier, and in particular, the rejection concedes that Nguyen does not "detail the 
client ID as a client-communication-system identifier." 2,3 See the Office Action of March 28, 
2005 at page 2. For this teaching, the rejection relies on Simon to show a client device providing 
a "security level with an identifier for certifying authority as taught by Simon." See Office 
Action of March 28, 2005 at page 2, line 24 to page 3, line 2. Applicant submits that Simon, like 
Nguyen, fails to disclose a client-communication-system-specific identifier. 

Simon discloses a system in which a certificate provides information about a client 
device to a content server without revealing the client's identity. See Simon at Abstract. In 
Simon, the client device 102 provides information about itself to the content server 104 through a 
certificate that was previously authenticated by a separate certifying authority 108. See Simon at 
col. 6, lines 22-24 and Fig. 4. The certificate contains attributes 214 of the client 102 such as the 
general type of device the client 102 is, what type of operating system the client 102 is running, a 
predefined security level of the client device 102, and the identity of the certifying authority 108. 
See Simon at col. 6, lines 28-41 . The content server uses the attributes from the certificate to 
determine whether to allow the client to receive content. See Simon at col. 8, lines 5-14. 



2 

Applicant respectfully notes that Nguyen discloses a user ID and does not disclose a client ID. 
Presumably, the rejection meant to indicate that Nguyen does not detail the user ID as a client- 
communication-system identifier. Applicant responds accordingly. 

3 Applicant notes that the rejection asserts, in discussing the rejection of claim 70 that depends on 
claim 63, that a proper combination of Nguyen and Simon discloses that the client- 
communication-system-specific identifier comprises a device-specific identifier and cites 
Nguyen as disclosing a device-specific identifier. See Office Action of March 28, 2005 at page 
4, lines 4-6 (citing Nguyen at col. 4, lines 10-12 as disclosing that "the client generates a 192 bit 
key from the server name"). Applicant respectfully disagrees. Nguyen's generation by the client 
of a 192-bit key from the server's name does not describe or suggest client-communication- 
system-specific identifier. As such, the rejection was correct in noting that Nguyen does not 
disclose a client-communication-system-specific identifier. 
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Simon's certificate clearly reveals attributes of the client, but it does not reveal the 
specific identity of the client device to content server. In fact, none of the attributes of the client 
device revealed in the Simon certificate is a client-communication-system-specific identifier. As 
such, Simon does not describe or suggest the use of a client-communication-system-specific 
identifier. Moreover, Simon does not disclose performing a mathematical computation on a 
client-communication system-specific identifier, much less performing a mathematical 
computation on a password and a client-communication system-specific identifier. 

Accordingly, Simon does not remedy the deficiency of Nguyen to describe or suggest the 
use of a client-communication-system-specific identifier. Nor does Simon cure the failure of 
Nguyen to describe or suggest performing a mathematical computation on an access password 
and a client-communication-system-specific identifier, as recited in claim 63. 

Even assuming arguendo, as asserted by the rejection, that "[i]t was well-known in the 
Network security art that a client device (i.e.: client system) provides a security level with an 
identifier for certifying authority," applicant notes that providing a security level with an 
identifier for a certifying authority does not describe or suggest a client-communication-system- 
specific identifier. See Office action of March 28, 2005 at page 2, line 24 to page 3, line 2 
(citing Simon at col. 6, lines 22-50). The cited portion of Simon discloses that attributes in a 
certificate provided by the client may include "a security level 216 of a client device 102 (e.g., a 
numeric level of a predefined set of security levels) and an identifier 218 of certifying authority 
108." See Simon at col. 6, lines 38-41. As such, the security level is not a client- 
communication-system-specific identifier, nor is the identifier for a certifying authority a client- 
communication-system-specific identifier. 

Hence, the rejection's assertion that it was well-known that a client device provides a 
security level with an identifier for a certifying authority, even if true, does not remedy Nguyen's 
failure to performing a mathematical computation on an access password and client- 
communication-system-specific identifier and designating a client communication system as 
unauthorized based on a result of the mathematical computation, as recited by claim 63. 

Accordingly, neither Nguyen, Simon, nor any proper combination of the references 
describes or suggests a performing device structured and arranged to perform a mathematical 
computation on an access password and a client-communication-specific identifier, as recited in 
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claim 63. Moreover, neither Nguyen, Simon, nor any proper combination of the references 
describes or suggests a designating device structured and arranged to designate a client 
communication system as unauthorized based on a result of the mathematical computation, also 
as recited in claim 63. 

Accordingly, for at least these reasons, applicant respectfully requests reconsideration 
and withdrawal of the rejection of claim 63 and claims 64-74 and 78, which depend from 
independent claim 63. 

Claims 1-12 and 32-43 

Independent claim 1 recites a method for determining whether a client communication 
system seeking access to a host communication system is authorized to do so in a manner 
corresponding to that of claim 63. Independent 32 recites a computer readable medium or 
propagated signal having embodied thereon a computer program for identifying an unauthorized 
client communication system seeking access to a host communication system that does the same. 

For the reasons noted above with respect to claim 63, applicant asks reconsideration and 
withdrawal of the rejection of claims 1 and 32 along with their respective dependent claims 2-12 
and 32-43. 

Claims 19-31, 50-62 and 79-92 

Independent claim 19 relates to a method for handling information about an authorized 
client communication system. The method includes, inter alia, performing a mathematical 
computation on an access password and a client-communication-system-specific identifier. The 
method also includes storing a result of the mathematical computation. 

As discussed above with reference to independent claim 63, neither Nguyen, Simon nor 
any proper combination of the references describes or suggests performing a mathematical 
computation on an access password and a client-communication-system-specific identifier. As 
such, Nguyen, Simon or any proper combination of the references necessarily cannot describe or 
suggest storing a result of such a mathematical computation, as recited in claim 19. 
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Accordingly, for at least the reasons discussed above with respect to the rejection of 
independent claim 63, applicant requests reconsideration and withdrawal of the rejection of 
claim 19 and claims 20-31, which depend on claim 19. 

Independent claim 50 recites a computer readable medium or propagated signal having 
embodied thereon a computer program for handling information about an authorized client 
communication system in a manner corresponding to that of claim 19, and independent claim 79 
recites an apparatus for handling information about an authorized client communication system 
in a manner corresponding to that of claim 19. 

Accordingly, for at least the reasons discussed above with respect to the rejection of 
independent claim 19, applicant requests reconsideration and withdrawal of the rejection of 
claims 50 and 79 and along with their respective dependent claims 51-62 and 80-92. 

Rejection under Section 103 (Claims 13-18, 44-49, and 75-77) 

Claims 13-18, 44-49, and 75-77 were rejected under 35 U.S.C. § 103 as being 
unpatentable over Nguyen in view of Simon and further in view of Cole (U.S. Patent No. 
6,564,232). See Office action of March 28, 2005 at page 6, lines 9-11. Applicant requests 
reconsideration and withdrawal of the rejection of claims 13-18, 44-49, and 75-77 because Cole 
does not remedy the failure of Nguyen, Simon or any proper combination thereof to describe or 
suggest performing a mathematical computation on an access password and a client- 
communication-system-specific identifier, as recited in independent claims 1, 32 and 63, from 
which claims 13-18, 44-49, and 75-77 respectively depend. Nor does the rejection contend that 
Cole does so. 

Cole discloses a method for managing the distribution of data structures. See Cole at 
Abstract. Cole associates a version number with each data item tracked by the system and 
updates a client's data item when the client's version number for a particular data item is 
different than the server's version number for the particular data item. See Cole at col. 5, lines 
22-35. Cole applies the techniques to control changes to passwords and login identifiers. See 
Cole at col. 8, lines 62-64. 

Cole does not describe or suggest a client-communication-system-specific identifier, nor 
performing a mathematical computation on an access password and a client-communication- 
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system-specific identifier. Necessarily, Cole cannot disclose designating a client communication 
system as unauthorized based on a result of the mathematical computation. Hence, Cole does not 
remedy the failure of Nguyen, Simon or any proper combination of the references to describe or 
suggest performing a mathematical computation on an access password and a client- 
communication-system-specific identifier, and designating a client communication system as 
unauthorized based on a result of the mathematical computation, as recited in independent claim 
1. 

Accordingly, neither Nguyen, Simon, Cole nor any proper combination of the references 
describes or suggests performing a mathematical computation on an access password and a 
client-communication-specific identifier designating a client communication system as 
unauthorized based on a result of the mathematical computation, as recited in claim 1. 

Therefore, for at least these reasons, applicant requests reconsideration and withdrawal of 
the rejection of claims 13-18, which depend, directly or indirectly, from claim 1. 

Claims 44-49 depend from independent claim 32. As discussed above, Nguyen, Simon 
or any proper combination thereof does not describe or suggest the performing a mathematical 
computation on an access password and a client-communication-system-specific identifier, and 
designating a client communication system as unauthorized based on a result of the mathematical 
computation, as recited in claim 32. Moreover, Cole does not cure the failure of Nguyen, Simon 
or any proper combination thereof to describe or suggest the subject matter of claim 32. 

Accordingly, for at least these reasons, applicant requests reconsideration and withdrawal 
of the rejection of claims 44-49, which depend directly or indirectly from claim 32. 

Claims 75-77 depend from independent claim 63. As discussed above, Nguyen, Simon 
or any proper combination thereof does not describe or suggest the performing a mathematical 
computation on an access password and a client-communication-system-specific identifier, and 
designating a client communication system as unauthorized based on a result of the mathematical 
computation, as recited in claim 63. Moreover, Cole does not cure the failure of Nguyen, Simon 
or any proper combination thereof to describe or suggest the subject matter of claim 32. 

Accordingly, for at least these reasons, applicant requests reconsideration and withdrawal 
of the rejection of claims 75-77, which depend directly or indirectly from claim 63. 
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Conclusion 

It is believed that all of the pending issues have been addressed. However, the absence of 
a reply to a specific rejection, issue or comment does not signify agreement with or concession 
of that rejection, issue or comment. In addition, because the arguments made above may not be 
exhaustive, there may be reasons for patentability of any or all pending claims (or other claims) 
that have not been expressed. Finally, nothing in this reply should be construed as an intent to 
concede any issue with regard to any claim, except as specifically stated in this reply, and the 
amendment of any claim does not necessarily signify concession of unpatentability of the claim 
prior to its amendment. 

No fee is believed due. Please apply any other charges or credits to deposit 
account 06-1050. 

Respectfully submitted, 



Date: June 28, 2005 

Barbara A. Benoit 
Reg. No. 54,777 

Customer No.: 26171 

Fish & Richardson P.C. 
1425 K Street, N.W. 
11th Floor 

Washington, DC 20005-3500 
Telephone: (202) 783-5070 
Facsimile: (202) 783-2331 



40288094.doc 



